Keep in mind that these arguments have to be made to laypersons who aren't necessarily from the United States, and who don't usually have a lot of technical knowledge.
- Do we currently have a big door problem?
- Wait, don't doors also serve an important function?
- Won't that make everybody much more insecure and basically do nothing against "bad stuff"?
- What if I put a wooden plank in front of the hole in my building? Wouldn't that be a "door"? Making doors illegal is not going to stop people from making "doors".
Now, people like to spin this analogy further and revise their proposal and say "Fine, keep your doors, but I get a spare key for every door made".
Problems with this:
- Yes, you and everyone in your office can grab the spare key and steal all my stuff (see TSA locks and basically any time in history that was tried).
- Remember the wooden plank above? That guy will not give you a spare key and can still hide "bad stuff".
- Fine, we will just use magical (blockchain) keys that nobody can steal and not make things insecure, but have an officer visit and inspect every room you have every 5 minutes. You have nothing to hide, do you?
The current government requests to be able to access encrypted info with a warrent are an extension of what currently happens in physical space.
But, by having a special key that opens all the doors, anyone could copy it - yes rules can put in place to who as access, etc, etc, but by knowing there is a "hole" in each device, every possible malicious agent will try and break it as soon as possible. Then what?
We have seen examples by Law Enforcement officers using accesses to gather data that would required a court order, but they didn't have one, and it was for personal reasons. So, how does that work out?
>But, by having a special key that opens all the doors, anyone could copy it - yes rules can put in place to who as access, etc, etc, but by knowing there is a "hole" in each device, every possible malicious agent will try and break it as soon as possible.
This is true in theory but it this a risk in practice?
>We have seen examples by Law Enforcement officers using accesses to gather data that would required a court order, but they didn't have one, and it was for personal reasons. So, how does that work out?
You sue for damages under section 1983.
TLDR: yes. Especially for companies and political dissidents (because countries, including the US, have used their secret and not-so-secret services to go after these. China vs Dalai Lama seems to be a rather well-known example, as is the theft of Airbus secrets by the NSA (not that the EU didn't do the same to Boeing). And if you can't trust the NSA with those keys, who exactly do you suggest we trust ?)
> You sue for damages under section 1983.
Ok, well let's keep in mind that this police officer was not convicted:
So unless you've got better cause for complaint than 12 bullets in your back and more than one witness, why even bother trying ?
I don't get where people get the idea that cops are somehow above ridiculous abuse of the system. When it comes to direct abuse of surveillance:
Note the duration of time these police officers were allowed to proceed, even after complaints were filed. Years.
The problem with any system that consists of people, is that people can be total immoral and criminal. Including, of course, Law enforcement, even judges. That means that we should make such systems safe even if groups of people within them conspire to commit crimes. Failure to do so can result in incredible damage to people. For a very recent example:
TLDR: the major, police, social workers, youth services and psychiatrists conspired to kidnap children and sell them to brothels, sex shop owners, and whoever else paid them ... out of hundreds of children stolen in this way, 2 have been returned after these people got caught.
Of course it was subsequently revealed that there are multiple dozen municipalities where such conspiracies existed. The state immediately intervened to stop all investigations except the one that had already made the paper "la Republica".
There is not a single European country where members of youth services haven't been caught doing the same, from Romania, to Sweden, to France, to the Netherlands.
I do not know that there is no one out there in the world who has a key to my house. Even if there was and someone found that key on a city street they would likely not be able to figure out which house it opened.
I know there is no legally mandated key to everyone's house that would allow anyone to enter whomever's house they please.
If an officer does something that should require a court order and don't have one then they end up prosecuted in the same way a criminal would be. You put checks and balances in place to make sure that they are caught.
You can't compare physical and digital privacy, why are people still trying it?
The key difference, to me, is that the current setup where the police can kick in the door to get in does not require subjects to make it any easier / more convenient for the police. If they have to raid and break in and get an approval, they will, but I am not required to arrange my locks or my furniture to help.
In fact, I am free to do the opposite. For example, I can put the things I do not want to share (private photos, detailed plans to become the world dictator, etc.), in an incinerator safe and try to destroy them if the doors are flying in. My 2c.
I'm opposed to back doors, but the door analogy is a bad one.
Given this door analogy works for the majority of the arguments being presented (which is impressive in itself given how different the physical and electronic worlds are), I'd say it's actually a pretty good analogy.
This is false. If it's ever true, the crime is confined to the perpetrator's mind.
The main difference where this analogy breaks down is that it is much easier to build practically unbreakable encryption (assuming P != NP), versus practically unbreakable doors or safes.
And surely we all deserve an underground bunker.
This is equally true for doors or encryption. If the government has a warrant for some data, they can attack the computing system that holds the data--just like trying to kick down a door.
They do this successfully all the time. Encryption is math in theory, but in practice it is implemented in hardware and software, neither of which are perfect. They are usually breakable.
The FBI made a big stink about forcing Apple to help them break the encryption on an iPhone. The FBI's own inspector general said that the FBI did not try hard enough to break into the phone before they went to court. And ultimately the FBI did break into that phone and access the data!
There is no need for a special law weakening encryption.
Some buildings are barricaded to make forced entry harder, some phones are more secure which makes hacking into them harder.
It just can't do so casually, with minimal resources, with a low probability of detection like it can when those messages are sent in the clear. A targeted cyberattack authorized by a warrant is the digital equivalent of sending a SWAT team to kick in a door.
And besides those not-so-abstract entities, they have contractors from private companies and corporations that aren't abstract neither, but even in abstract mode are driven by profit, not respecting your privacy/security/economy.
For anyone unaware, the TSA lock master key was leaked by including a photo of an actual master key in a newspaper article about said locks. I don't think encryption keys shared with police/govt. will be any safer.
The pursuit of lock-picking is as old as the lock, which is itself as old as civilization. But in the entire history of the world, there was only one brief moment, lasting about 70 years, where you could put something under lock and key—a chest, a safe, your home—and have complete, unwavering certainty that no intruder could get to it.
This is a feeling that security experts call “perfect security.” Since we lost perfect security in the 1850s, it has remained elusive. Despite tremendous leaps forward in security technology, we have never been able to get perfect security back
There are a few obvious issues with centralisation and the possibility of bad actors on the police, but I’m not sure how persuasive it is against “think of the children!!”
Most places where child endangerment is/would happen is already encrypted, and it doesn't seem to be significantly hindering investigation. Beyond this, requiring a master key won't stop independent implementations that don't have such a thing.
It's like criminals are willing to break the law or something. Areas with strict gun control still have gun crimes, and people willing to endanger children would still use encryption without said back door.
Do you really think this is sellable to the average voter? That isn't a mainstream opinion.
Intelligence does exist for the purpose of catching people doing nasty things even when they do it behind the curtain. Making curtains illegal would be the obvious stupid response which would harm everyone.
Nobody ever said that democracy is either free or easy; a bunch more criminals at large sometimes somewhere is a price we have to pay to have billions of people, including us, enjoying what remains of their freedom.
Just to avoid the most predictable counter argument: I'd keep defending this principle even in case one of those criminals would exterminate my entire family.
They don’t believe this; it’s an argument framed in a bad faith so that they can strip peoples rights and jam laws down our throats. Their mastery is in framing. Never use Or repeat their frame.
See George Lakoff’s work in framing. It’s essential in environment of heavy propaganda.
A bit late but thanks for suggesting Lakoff. I'm 1/3 through the video linked by another user and am loving it; it should be dubbed in other languages and spread around.
I highly recommend
* truth sandwich time (if you only listen to one make it this one)
* how republicans really think (if you only listen to one make it this one, too)
* how trump uses twitter to control the media (very eye opening)
* guns over people (on how to frame the gun debate)
Also, this lecture on political language exposes the leverage hooks politicians and propagandists use to hook and manipulate us. You will never listen/read political speech the same.
> Just try asking them their own passwords and hear the very predictable reply.
Is equally silly. Having nothing to hide is very different from having nothing to steal.
MITM means that somebody can steal your passwords (including your bitwallet)
So if you have something to steal, then end to end encryption is important.
I think that's a bit too far... but I get your point.
When having a discussion around privacy, I had no response to "you shouldn't have anything to hide" because I know privacy should somewhat be a human right (especially given its commoditization) but didn't know exactly why it's so important given that most Gen Z kids are sharing every aspect of their lives on social media.
Every other nicety in life is due to mutual respect, agreements and the ability to use force should those agreements be broken.
If I am using a restroom, I don't have a "right" to privacy. Tell that to a prisoner who has to take a shit in front of their cellmates... Even in comfort of your own home, someone could kick the door open. The fact that they don't kick in the door, is due to mutual respect for boundaries. This is what I would call a privilege, which has been mutually _agreed upon by_ and _granted to_ all parties involved.
Privileges make up our freedoms. They are the things that we fight for, and should continue to do so.
We should make an effort to not conflate the two, as it tends to blur the lines and give people a false understanding of what they have a right to intrinsically, vs what they must fight for.
I've always used intrinsic right as you suggest to describe what you mention, to differentiate the two.
Because the problem lies in the political domain, it's not unexpected that these two ideas (intrinsic rights vs privilege) are deliberately conflated precisely to blur the boundary, making their agenda achievable: the control of people.
i) do you wear clothes? You are hiding yourself! Why not walk naked down the street? You have something to hide.
ii) do you have curtains on your house? Why? (The answer is almost never "to keep out there light") Most people walk fully clothed in their own house. You have something to hide.
I also liken dragnet surveillance (a major reason on why we need E2EE) to upskirting. People have a basic right to assume some privacy even when in public... Otherwise the objectionable practice of upskirting should be legal too.
Cheekiness aside ( Pun ;) ), I second your point. "Having something to hide" is frequently conflated with "not wanting to share something with everyone that I don't need to".
>I think that's a bit too far... but I get your point.
Another way to say this is "I'd uphold this principle if it were your family, and I'd expect you to do the same if it were my family." It's understandable for principles to break down for individuals in extreme (contrived) circumstances, so long as most people abide by them.
These are only a tiny part of uses of encryption. Ask anyone if he would like to have his bank transfers, or his credit card credentials in plain text. End to end encryption allows the whole internet to act as a commerce platform.
Encryption allows journalists and activists in strict, controlled regimes to let facts out.
It allows an abuse victim to safely expose the abuser.
It allows at a broader spectrum to maintain secrecy when secrecy is the only way a subject has to distantiate himself from harm.
Disabling end to end encryption requires an implicit good faith on those who look at our communications, and the history is full of abuse from those figures.
Sure, now we are looking at tokenization which reduces the risk merchants store your details insecurely, but commerce will always require a bank to store your information and share it with legislators for anti money laundering purposes etc.
I think he meant to do that. E2EE between two people has the same kind of requirements as E2EE between a person and a server. If you're trying to say point-to-point encryption, where the server is just a relay between the points, and it handles the data unencrypted, then I think all the arguments for E2EE apply here as well.
I still think that full E2E is a fundamental human right.
I'd be surprised if most of the "child sex abuse" and "terrorism" traffic isn't already encrypted.
Two, people are sex trafficked in cars and in planes as well, should we stop using those? "But we can patrol and monitor planes and cars and catch the bad guys!" Okay, but then why do they still do it? Did any of that stop sex trafficking? No.
If politicians consider leaving everybody vulnerable to catch criminals, this is a incredibly high price to pay. I’d argue that the price is so high that even with evidence that this would help catch criminals we should still consider not doing it. However there is no evidence for that and my argument above explains why criminals would still be able to encrypt.
We should really stop implementing any security legislation without checking whether it actually achieves the stated goals.
I do believe we should search for solutions, I don't believe that we should let a small % of bad actors control our lives.
intruders may not care about my communication, but they do care about being able to access my servers, so you can not force me to use encryption with a backdoor without putting me and my company at risk.
if encryption without a backdoor gets outlawed entirely i'll go out of business because i will no longer be able to run any servers.
* We leak tons of metadata. Even with encryption it will be available to governments and gives them tons of ways to pin down people. Eg. in some cases police used location information of cell phones to create a list of suspects. A lot of that metadata is very hard to avoid so it's likely going to stay.
* You don't just protect yourself from the government, but also the provider. Recently a report surfaced about a yahoo employee searching his colleauge's yahoo accounts for naked pictures.
* Providers can also get hacked. If the data is in encrypted form at the provider, the hackers would have to issue an update of the client which is usually harder than "just" hacking some servers. Those hackers can even be foreign governments.
* Safe deletion gets much harder when you have to worry about data on your provider as well. There were stories about providers not deleting data that users explicitly wanted to be deleted. There's also the problem of safe hardware decomissioning. Although most big shops are handling this problem more professionally than most individuals who just run format on their laptop's hdd and then offer it on ebay, you still have to take them by their word and rely that they do their job well.
Weapons are uniquely special in that they are specifically designed to maim and kill. Via defense or justified actions is irrelevant; it's a tool of war. Arguably, if there was E2E software that was specifically designed to maim and kill it might be received in a similar manner as guns.
I'm not saying guns don't have legitimate uses or the right to ownership in the hands of legal, sane owners.
You don't think if people started using impaling spike strips for the front of cars that there might be similar discussions about banning said strips?
Many who advocate for tighter gun control make exceptions to hunting rifles. Those very clearly have a use other than the death of humans. Could they be abused? Certainly. But tools can be abused all over the place.
However when someone takes a weapon, designed for slaughtering, and slaughters with it.. well, can you blame people for questioning the validity of owning these items?
"Via defense or justified actions is irrelevant; it's a tool of war."
Your two statements above conflict. All types of firearms have been used in war, yet you want to make exceptions for hunting rifles. How do you explain this? Also, how do you differentiate a weapon designed for slaughtering versus a tool as you use both in relation to firearms?
What about sports shooting? Collecting? Personal defence in dangerous areas? Hunting(which because we fucked up ecosystems in some areas, culling is necessary)?
Also over here modern black-powder guns are legal, without license. And they are both VERY dangerous(way more dangerous in a crowds) and relatively cheap. There is a legal requirement that you have to load the bullet as separate parts(gunpowder, bullet etc).. but what's going to stop a criminal from going on rampage and from preparing them in advance?
Gun violence is a symptom of a worse issue in the society, banning guns will just hiding the symptom of the issue. Why they go on rampage? Why some people need it for personal defence(dangerous neighbourhoods? work-related?)? Why do we need to cull the wild animals from time to time?
Heck, if someone wants to go on rampage people they don't need guns, in a big crowd chef knife will be as deadly. And you can legally buy a machete too, or chainsaw, or axe, or whatever.
Bombs can be made from household items and there are plenty of instructions online. There is a schematic of timed detonator on Wikipedia on Casio watch page (google Casio terrorist watch).
It all boils down to proper culture of handling weapons, and not treating them as toys.
The difference between impaling strips and guns is simple: one is used, legally, in specified areas(shooting range, countryside for hunting, at home for defence etc.), while other is mounted permanently and used in public space. One shouldn't keep the gun assembled while transporting it - except if it is for personal defence.
I seriously have no issue with people using impaling spikes in wreck racing, as long as they are within regulation of the race. but on public road? hell no.
In a perfect would we wouldn't need guns at all, as there would be no reason for them to exist.
I covered that in hunting rifles. Various types of rifles have legitimate uses. However, it's an argument not in good faith to say that anything with a possible sport should be legal.
I can't make a rocket launcher sport and demand that rocket launchers become ~freely~ fully legal because it has a sport. This is a bad argument.
> Gun violence is a symptom of a worse issue in the society, banning guns will just hiding the symptom of the issue.
I agree entirely. You can have both however, mental health and restrictions. See: most first world countries other than the US.
The funny thing in these discussion is we already do have tons of regulation. The line is already drawn, we're not discussing drawing it, we're discussing whether or not we should move it.
Your arguments could be made about various rocket launchers or, hell, missiles and bombs. The line is already drawn there however, and the same argument for and against various rocket launchers (some legal and some illegal I believe), missiles, bombs and etc could be used in both cases.
Neither argument for or against guns inherently wins the argument; there's subtly in both. However it is my belief that the same reason we don't let people own larger scale weapons of destruction is valid for the larger scale automatic / semiautomatic weapons.
I am in full support of hunting rifles. Less so AKs and the like. I don't care if you have a sport around AKs - in the same way that I wouldn't care if you had a missile "sport".
I'm sure. Just like I expect cars to be more dangerous than guns, too. But you're drawing odd conclusions. My point was that tools have a place. A car is a tool. A knife is a tool. A hunting rifle is a tool.
A rifle with the capability of mowing down herds (or people) with a high rate of fire has little merit in my mind. I speak generally, because I don't explicitly mean automatic/semi/etc because that's a whole other debate. Hunting rifles don't need "mow down herds" capability. Likewise, if you can walk into a store and shoot 50 people with ease, I question if you really need that capability for hunting.
How many people in a crowd do you think you can kill with bolt action hunting rifles? Likewise, how many people in a crowd do you think you can kill with a knife?
I despise these arguments of "but I have sports with X guns!" or "but I use X gun to hunt!". You can fish with explosives but it's not needed nor is it legal in many places.
I support rifles for hunting, but there are limitations on the types of rifles, rate of fire, real use cases and etc.
This is nothing more than a politically motivated lie.
You cannot escape the fact that guns are overwhelmingly used for peaceful purposes that do not include maiming and killing. If this were not the case, Americans would all be dead or maimed by the guns that outnumber people in our country.
Even where the evidence strictly supports your claim, it counters the intent you imply. FBI standards for selecting ammunition, for example, test penetration through clothing and material designed to simulate a human body, but the intent is to stop lethal threats with a minimum of collateral damage. Quite opposite to being "designed for slaughtering", they are designed to minimize harm, while serving a defensive purpose.
> Via defense or justified actions is irrelevant
I think you'd find the opposite to be the case if a person were threatening your own life.
Though I'm currently living somewhere it's not legally possible, I have carried a pistol for self defense in the past. I never had to draw it or fire it at anybody. Nobody is dead or maimed because of my pistol. When carrying a pistol, I was always especially careful to try to de-escalate any potential conflicts, because I do not want to maim or kill anyone.
Its designed purpose, however is 100% to maim or kill other people. I carried it in case I needed to maim or kill someone (or more likely, use the threat of doing so) to prevent harm to myself. It isn't a piece of sporting equipment that's only incidentally deadly, like a target pistol, but a purpose-built defensive weapon.
Claims that the subset of firearms designed primarily to be antipersonnel weapons are something else come across as disingenuous to neutral observers. I hold pro-gun positions because I believe individual armed self-defense is a good thing, not because I think we should consider guns primarily as sporting equipment and only incidentally as weapons.
If the US government wanted to reduce the lethality of firearms, they would ban calibers, not accessories. Even so, a .22LR olympic pistol is enough to take down a bodybuilder with one critical hit. So olympic shooters could become murderers overnight, or have their weapons stolen. If not, why suspect that average people would instead?
Blades are, at one level of abstraction, designed to sever fibers and occasionally other materials. A straight razor is designed for a human to use to shave hair. A nakiri is designed for a human to use to slice vegetables. An executioner sword is designed for a human to use to kill another human by decapitation.
Likewise, many firearms are designed primarily to be good for shooting other people to incapacitate or kill them. I do believe most people should be able to obtain such weapons, but I don't find it difficult to imagine why someone might think otherwise.
Also, distributing child porn is itself a crime, separate from the abuse. So you would be directly using E2E in a crime that way. Are you implying that some laws hold less moral or legal value? If so, what are the differentiating factors in that decision?
Using the function of a gun on oneself is not a lawful use case, just as selling a human is not a lawful use case for WhatsApp. A more apt comparison using your example of not writing anything to encrypt would be the possession of a firearm compared to the possession of an E2E system. Both have lawful as well as unlawful uses.
On the part about writing the message being the first part of the crime and comparing that to committing suicide with a gun, the gun is the means by which the crime was committed, just as the means for the crime of selling the person would have been the medium through which it was transacted - WhatsApp in this case.
Perhaps you where trying to explain something else?
Stir that pot.
Does it though? It seems like a fallacious comparation for reasons that other comments have already explained. And as such, it makes a confuse, meaningless conversation.
At the same time, I still enjoy it because it did create a lot of responses.
I find discussions these days end up being an echo chamber of the same opinion. Something different and something to argue against is more interest than everyone just confirming each other.
Anything these people think of as "normal" activities has at one point or another been made illegal by a government, but without 1. Knowledge of specific cases 2. An emotional connection to those who suffered / are suffering and 3. A willingness to go beyond the fantasy of perpetual personal exceptionalism there can be no appreciation of the value of privacy over law, or privacy weighed against inevitable concomitant harms.
Yes, governments have a history of being unsafe to their citizens, but it's not anything like what it once was, and it's getting steadily better, despite what the MSM wants you to think.
Now I'm not saying it's okay they backdoor all encryption, I just don't think the argument "Government evil" is going to hold water for the average person, nor should it.
A much better argument should come from the, "we prefer guilty people go free than innocent people get convicted, let's apply that policy to privacy" school of thought.
On one hand, organized crime, observable in most countries where governments are present, on the other hand everyday objects and a disease.
Doesn’t look like an argument made in good faith.
The exact same mechanisms are available to fight both car deaths and malicious actors. Why do we trust the government to do one but not the other?
(Keep in mind I'm NOT in favor of backdooring crypto, I just don't think "but the government is corrupt" is a good argument against it)
This does not benefit the population, it only benefits organized crime organizations entrenched in government.
How do cars benefit organized crime as disproportionally as abovementioned tools?
Anne Frank's father had nothing to hide when he filled in the official forms asking his family religion and we all know how that turned out...
“Because a citizenry’s freedoms are interdependent, to surrender your own privacy is really to surrender everyone’s. Saying that you don’t need or want privacy because you have nothing to hide is to assume that no-one should have or could have to hide anything.”
So while I'm not currently rebelling against my government, I'm sure as hell glad the protestors in Hong Kong can get their hands on E2E encrypted chat.
So I look at this through a lens of what would be allowed on my thoughts and speech. Would it be ok to read everyone’s mind to prevent a terrorist act? No because the damage caused is greater than the damage prevented. Not to mention it would most likely be used to charge for IP infraction or speeding tickets or some other banal infraction.
Because that's the way things currently are with e.g. Facebook Messenger, Gmail, etc.
E2E is when your envelopes are only opened by their final recipient.
What about making that system available to anyone, irrevocably, who managed to get access to that system at one point? And would you put penalties in place for people who, when their mail is opened, are found to be using a cypher of their own? Is it illegal now to speak in code at all?
Does the layperson receive meaningful mail anymore? With the exception of my W-2 and the occasional jury summons, I feel like nothing about my life would change if the post office just threw away my envelopes.
I also have a shredder to destroy it before throwing them away.
I feel privacy is a basic human right regardless of what country you live in.
I’m not fan of punishing the majority because of a screwed up minority.
People who commit illegal acts as horrible as child abuse and terrorism are not going to respect the law when it comes to encryption.
Again, you can’t stop people from doing math. The idea of making it illegal is silly.
"Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
I don't think anybody is suggesting two individuals should not be allowed to use math to protect their conversations. Even if Facebook adds a way for law enforcement to access communications individuals are still free to talk in code or encrypt their messages before putting it on the wire. With your old telephone, your carrier can wiretap your line but you can still use a scrambler or talk in code and the tap will reveal only metadata.
How is Facebook (or other internet services) being required to provide wire tap access any different from a telecom company?
The only purposes such a law seems to serve is to catch clueless idiots who will be caught anyway, and to enable mass-surveillance of law-abiding citizens.
A law that by design is not enforceable, serves no reasonable purpose.
People make a variant of this argument about guns, but there is an important distinction with encryption: encryption is purely defensive, doesn't escalate situations, and doesn't accidentally (or otherwise) kill anyone.
This framing makes it abundantly clear that any law against encryption is about one thing only: Spying on law abiding citizens.
For a little temporary Safety
Deserve neither Liberty nor Safety
Edit: Also, when you "think of the children" you have to think not only of their immediate safety but to think of their future ability to freely and safely converse with their peers, no matter what the current government deems "acceptable".
There’s no way to reasonably draw, much less enforce, a line dividing licit and illicit uses.
If you compromise some subset of messages, illicit uses will just move to a non-compromised technology.
So instead of drawing a line, which is impossible (and also comes down to human judgements about things like whether gay people should be killed) the only choice left, if you insist on being able to decrypt messages, is to legislate the ability to decrypt all of them.
First of all, good luck enforcing that; second, in so doing you will sweep in a lot of legitimate uses of encryption and make people and businesses less safe by endangering their finances, their privacy, and even their physical safety.
Because once you give governments the ability to read messages even assuming key escrow entities can protect the integrity of the system (unlikely) this ability will be abused by bad governments who have records of inflicting human rights abuse on citizens for “crimes” as minor as being gay, being trans, or saying the wrong words about god.
And in addition to being accessed by the bad people in government and the bad people drawn like flies to honey to work in the key escrow organization, the escrow keys will get out and be abused by more bad people which will be an entire other level of problems.
If respecting individuals privacy makes law enforcement more difficult, so be it. I'm sorry you have your work cut out for you.
‘We can design beautiful locks but we can’t keep the master key safe’.
If we can’t keep other nations from stealing the nuclear bomb plans, how do we expect to keep the master spy key safe?
So my argument is: because it's a war that can't be won. The criminals will use secure communication regardless. All we can do is decide on whether we also want to make everyone elses communicastion insecure.
Law enforcement simply have to adjust to a reality where eavesdropping on communication is difficult or impossible.
The fight against E2E is a political red herring to win votes. Politicians abrogate their responsibility to uphold law and order by playing with emotions instead. The current news cycle is absolutely symptomatic of that.
It’s a positive message: funding real police work instead can actually solve important crimes, if you recruit and train them. Let’s focus on that instead of a digital dragnet. I’d rather have real detectives on the streets cracking people trafficking gangs, than a database cluster.
The only counterpoint to end-to-end is "we want to be able to access your private conversations", which isn't really a counterpoint unless you agree with spying on citizens and would like to also allow the government to come into your house and place listening devices as they please, listen to your phone calls whenever they please, open up your mail whenever they please, so on. Hell, actually require you to wear a device at all times so all conversations can be recorded. No, just no.
The government could similarly demand backdoors into people's private devices, so people can be listened to and their usage of the device recorded, in case they might be up to no good.
I see essentially no moral difference between banning E2EE and banning security of devices. If you have no right to communicate secretly with a person, why should you have any right to communicate secretly with a possession?
You don't stop child abusers etc. They move to a different platform and you make everyone else less safe.
If you believe the 4th Amendment should be the answer to the question, then what about the flip side of the 4th Amendment: that it does allow reasonable searches with a warrant. This was the justification for "key escrow" systems in which master keys could only be unlocked with a court order. Do you support this approach? If not, why not?
Another question: If you believe the 4A's exclusive role, then do you also agree with the Supreme Court's interpretation that in ''national security cases'' electronic surveillance upon the authorization of the President or the Attorney General could be permissible without prior judicial approval? (See Katz v. United States)
If not, why do you believe so strongly in constitutional protections but not the equally-constitutionally defined role of the SCOTUS to interpret it? And if you do agree with SCOTUS interpretation, why should E2EE prevent a lawful intercept if directed by the President for national security matters?
For the record, I support E2EE, but these are serious issues that can't be hand-waved away. The question is anything but ridiculous.
I'm trying to understand the difference between a conversation over Facebook and a conversation on a telephone. Legally they are treated differently and I don't see why that should be.
Just ask anyone who has been hit over the head with a laptop.
Ban all computers.
If everyone uses encryption by default, those people can not that easily be picked out from the sea of information and targeted in other ways.
Even if you trust all actors involved in non-E2EE communication channel you can never assume that:
* This channel won't be compromised(hacking, wiretapping etc)
* That all actors involved(ISP, VPN host) will always stay trustworthy
Latter part is also related to laws - if you cannot prove that law cannot be abused by a bad actor then it shouldn't be a law.
Also banning encryption won't change the fact that it will be used. Criminals will still use it to hide their action, plus there is always steganography.
Also one of basic rules of law is "Innocent until proven guilty", banning E2EE basically reverses that.
I love the "nothing to fear, nothing to hide" argument, just reverse it and instead of applying to general populace - apply it to government as whole. Rules should work both ways - if citizens have nothing to fear if they have nothing to hide, the same should apply to all politicians and all government agencies.
In the past, governments could be overthrown by internal revolutionaries or external forces.
In the near future, governments will be able to surveil and anticipate their citizenry so as to make revolution impossible. They will do this because governments (political parties) have a self-preservation instinct. And with nuclear weapons in play, external overthrow is increasingly suicidal (excepting small countries).
Furthermore, that internal surveillance department can be turned on the government staff itself, leaving a small group of (unelected) officials with power over the rest of the government. Eventually one of them will gain the upper hand.
That means there could come a point of stasis, where governments become unassailably entrenched that humankind is stuck in a local maximum with whatever governments existed then.
Let's hope our current dictator for life is beneficent.
The majority of criminals caught in transit doesn't warrant me giving up my privacy. They will still be caught in the same manners they are now, and it still offers them little protection over what law enforcement typically does.
In my opinion, the federal government's unfettered access to people's messages is entirely new with the advent of the internet. They didn't enjoy this level of access when people communicated by written letters nor when they spoke to each other over analog telephones. I believe the questions is less about the mechanism (E2EE) and more about the reach of the federal government and law enforcement and how comfortable we, as citizens, are with them having this kind of access to all of our communications.
In terms of people who are willingly breaking the law, they will always have access to communication methods that the federal government and law enforcement cannot easily surveil. Right now many E2EE mechanisms are the easiest way for these people to communicate privately. If the federal government gets their way and gains access to their communication, and starts to crack down on these crimes then these people will move to another communication medium. Perhaps even back to traditional letters.
There are many reasons to oppose an E2EE system where the federal government and law enforcement have a "backdoor" that lets them read all of these messages. For instance, it won't be long before another organization (perhaps even foreign) figures out how the mechanism works and gains access to every person's communications; the security provided by such a system will have a limited term and we may not know when that terms ends.
In my opinion, the most important issue is granting this level of power to the government and law enforcement. I think this could really be an existential threat to democracy in the US.
I would think the appropriate comparison is neither of those, but rather "when people met in person". Usage of the internet today is much closer to what people did when meeting in person than when writing letters or even when talking on the phone, it is replacing a lot of direct face-to-face contact.
The demand to forbid E2E encryption is analogous to the demand that every citizen always has to make sure that the government can listen in to every personal conversation they have, and not only right now, but retroactively.
It creates a false dichotomy framing the argument in order to predetermine its outcome.
When made by the very powers who are known to seek to punish And remove the people seeking accountability and change, it is very suspicious.
If the government wanted to prevent sexual abuse of children, they would address such abuse everywhere, including among its own ranks. This is not the highest priority of governments. Their higher priority seems to increase their powers.
You can use it to do good things (hammer down nails to create a building to shelter people) or bad things (hurt people with it, smashing toes, etc). If someone does bad things with it, banning it stops people to do good things with it, and everyone lose.
Encryption ensure everyone can speak their mind freely, without worrying that someone with unclear motives can snoop around and read legitimate, but private discussions between two persons.
Not having this ability to speak freely hurts everyone, simply to remove a tool that could be used for bad things. Don't fight the tool, fight the bad actors with all the means at your disposition.
I was literally sat in a Crown Court on Wednesday for a trial where two guys were on trial for knives and GBH. Cops chased one and he had a blade in his back pocket when they caught him. Why? Well based on the call to the police and the witness evidence I expect if I'd spent a couple more days in court the story would be that he'd just stabbed somebody and so that's why - but even if he'd been caught on his way to stab somebody and never got there it's the same story. Nobody who'd come to play PS4 needed a knife. Nobody who'd come to play hide the sausage, or watch TV, or just sit around and get drunk needed a knife. They had knives so they could "defend themselves" when shit kicks off, which is why shit kicks off, which is why we have a law so they get locked up before they kill each other. Among the witnesses I didn't miss (because they refused to say anything) were the stabbing victims. Code of the streets see, it's OK to try to murder one another, but you mustn't tell the cops anything, this massive slit in my stomach must have been from being clumsy with nail scissors. (The medics unsurprisingly take the view that wounds are instead consistent with getting stabbed by somebody with a bladed weapon...)
The calculus for knives probably looks pretty different if the majority of nearby large mammals are Starbucks employees versus if they're Grizzly bears, or indeed Sheep, and so I don't pretend to think these laws make sense everywhere.
But the calculus for encryption is the same everywhere. We definitely don't want most people to be able to attack this stuff. But it turns out "Not most people" wasn't on the menu. "Nobody" and "Basically any motivated bad guy" are our available options, so let's pick "Nobody" and deal with the social consequences of that.
Pedophiles and terrorists are already using E2EE I would think, so this is really about government being able to spy on everyone.
They don't have that ability IRL, why should they online?
More importantly, what are the macro consequences of government access to everyone's private communications, and especially, the oppressive effect on free speech etc when everyone is aware they are being monitored (I do sometimes wonder if Snowden was more 'deliberate leak' than 'whistleblower').
If CIA and NSA can't keep dangerous tools safe and secure from the bad actors; if the FBI (commonly thought of as less cover) or local police have a ready backdoor access to my phone, messages, credit cards, or anything else, then they're practically already in bad actor's hands.
The similar argument is that my state has lost my personally identifiable information in no less than 3 security incidents.
What is illegal follows fashions. For example in the UK homosexuality used to be illegal. Our hero Alan Turing was imprisoned for it. There needs to be some latitude for people to do illegal things because the state doesn’t always get it right.
A perfect survellience state is not in ideal in this regard.
You probably want fairly good law enforcement to protect us from crimes but just for it not to be too damn good.
Them: Terrible things are terrible
Us: Yes they are
Them: Stop the terrible things
Us: We don't know how to do that without side effects that would be even more terrible.
Them: Just do it without causing the side effects.
Currently the government uses E2EE to safe guard themselves, then the American people should also have access to it to safe guard themselves. If the government allows us to purchase guns for our safety, why not encryption? You going to say encryption kills more people then guns?
Plus E2EE isn't some super secret thing the government only has access to. Any one can create a E2EE platform and the government would be hard press to stop it. You might not be able to commercialize it, but it won't stop it from existing.
I believe arguing over if something should be legal/illegal is a pointless distraction. E2EE exist now embrace it or move on, but don't think banning it or making it illegal will some how make it disappear.
>>>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Under the 4th, It could be argued that when the government has demonstrated that they have met the standard for reasonable, technology should allow them to have access to that data. Therefore, it's unreasonable that access to data in question is controlled by potential co-conspirators; those with perverse incentives to withhold compliance. It's also unreasonable for entities that operate within the governments jurisdiction to circumvent this constitutional requirement.
My research indicates that smart criminals tend to communicate in code. Because of the codes used and the frequency at which they change, the existence of communication is often of more probative value than the words used. Companies currently share this meta data with law enforcement.
If the veil of E2EE is lifted, smart criminals will move their communications elsewhere. They will find services owned by foreign companies in regimes that are not friendly to US law enforcement. Or they will move to low tech solutions that make collecting meta data more difficult.
Basically, I’m afraid that changing E2EE will catch criminals who make a myriad of mistakes that will get them caught anyways. Meanwhile, it will drive the intelligent criminals further underground, onto services owned and hosted in hostile (or less friendly) countries.
Otherwise you're going to be in the role of making propositions and the other side will be shooting them down. Make them argue their case and poke little nagging holes into it.
I'm always bothered by the sense of entitlement inherent in governmental campaigns against encryption. A properly-executed warrant allows the government to search for evidence and seize it. It does not create an obligation for the target to tell the government where the evidence is and how to make use of it.
Also inherent in our justice system is the concept that not all criminals get to be caught and convicted. Presumption of Innocence, Blackstone's Ratio, 5th Amendment, etc.
I don't think any of us want to live in a society where every law-breaker can be caught. We all break laws. I've barely left my home for 10 minutes today and am not entirely certain I haven't broken any.
In a democratic world, information is power. The more you know about someone, the more there is you can use against them; the more ways there are for you to lie.
People act differently when they are being watched. This is not a bad thing, and is not an accusation of immoral behavior. People are more likely to pick their nose while in private. People are also less likely to express morally correct but unpopular beliefs, such as supporting gay rights a few decades ago, if they believe that it will have negative social consequences. By having privacy, social movements can slowly grow over time.
Should you be allowed to send mesages over snail mail using code words understood by only the recipient and no one else?
These are political questions. Governments having the authority to listen in on all private conversations implies they have that authority. Do you accept that authority where you are unable to express yourself to other humans without government employees logging and monitoring your expressions of thought? Maybe you really have nothing to hide now,but if ever you are given a reason to disagree and dissent with societal norms,your expressions of dissent will be monitored by the very people that have a lot to lose by allowing your thoughts to be expressed. If you can accept regulation of your speech and this authority over your life and liberty then it makes sense to oppose E2EE.
The problem is that the people whose communication is being monitored never accepted this authority,E2EE is just a way of enforcing my expectation that my communication to someone will be read only by that person. Removal of this right or privilege must be done via due process and full transparency without which justice and fairness would be very difficult.
Last point: E2EE prevents mass monitoring of communication. For warrantful intercepts,law enforcement benefits the most out of having access to the whole device. One approach would be to force a transparent backdoor that will side-load rootkits that come with a device specific certificate with a certificate transparency log maintained by a watchdog gov agency that enforces requirement of a warrant for each cert and criminal penalty for mis-issuing of certs or tampeting of CT logs. What if someone roots their phone and removes the backdoor? Make it illegal much like silencers and bullet-proof vests are illegal. It does sound very unpleadant and uncomfortable but much saner than weakening protocols. Like it or not you won't be able to convince elected politicians there is no way to securely gain access to a suspected criminal's phone even with a warrant.
And that's just financial stuff. The current generation has repeatedly proven that they want to send revealing photos on these chat platforms. Remember the iCloud leaks of revealing photos? These were done with phishing attacks, but once again proves that there are malicious actors looking to take what most of us would consider to be private personal property. Today it was phishing attacks, but without encryption, tomorrow it might be an actual massive data dump of every photo ever sent on Messenger. Again, we currently have AI models that can do facial recognition and that can do nudity detection (as employed on YouTube, etc.), so access to the data set of photos sent on Messenger could then be analyzed by a computer to extract all nudes of key people (if targeted), or just all nudes (if not targeted). If your response to this is "they shouldn't be using it that way" -- again, consider that you might have second-order exposure to this problem. You may be smart enough to not send compromising information on Messenger, but maybe a close family member isn't and now you can be blackmailed or extorted to prevent revealing something of theirs. Or let's say everyone in your family is smart enough not to use Messenger this way. Your representative or senator's relatives might not though, and now they can be blackmailed too, and there's not much you can do about that since you may not even find out. All these problems similarly exist with respect to corporate privacy as well (trade secrets vs. potentially malicious foreign companies, people trying to get inside information for trading, etc.)
At the end of the day, to me the question of whether the US is trustworthy is besides the point: the lack of encryption exists for anyone trying to get in, and we know there are bad people trying to get in. If you take the lock off the door you might trust your friendly neighborhood policeman but the cat burglar can just as easily turn your doorknob.
1) If you have proof that they are sharing it then you simply do a criminal trial base based on that proof. No need to block e2ee because you already have proof.
2) If you do not have proof then you are assuming guilt without proof, and that is the opposite of how our justice system should operate. Innocent until proven guilty. No need to block e2ee, because you have not shown that any concrete person is breaking the law. And if you did show it, then look at point 1)
And thus we have exhausted both possible options, and in both cases there is no need to block e2ee.
By not caring. Privacy is worth more than forcing criminals to put a small bit of extra effort.
Right to bear arms is in the constitution, and so is the right to unreasonable search/seizure.
Since this functionality is so widespread and popular, the onus of proof should be on people who want to forbid it.
E2e encryption being prevalent makes law enforcements job much more difficult.
Child sexual abuse and terrorism being completely solved are incompatible with free society. Those kids need to take one for the team.
Bad actors will always have access to E2E encryption so any argument which discusses this is misleading. So the question is then should the governments have access to the communications of the general population? No.
1. Government abuses their power
2. Government gets hacked and hacker abuses their power
3. You have something to hide
Now we can debate on each of these points. Tell me if I’m missing something.
If law enforcement can read my messages so can engineers at the company, or anyone a hacker or disgruntled employee sells the data to.
Those messages may contain sensitive information like financial details, passwords etc.
I would also say that, similarly to how you can’t do all your criminal work inside a self-destructing safe, you can’t do all your criminal work in one e2e chat. Data will still be entering and exiting it somewhere, and if multiple people are involved, the relationships between them are weak points. But that’s getting too into the weeds. I think talking about something as simple as a lock would reframe the discussion for all but the most sycophantic.
I'm not making an argument about encryption, but you know there are these things called "laws", right?
Talking make a much better comparison. When you say something, someone can listen or record you, just like E2EE doesn't protect against shoulder-surfing or a compromised device. But once you've said a thing, it's gone. It's not just inadmissable but inaccessible. No police tactic in the world can physically reconstruct it, and the Fifth Amendment says you can't be forced to confess anything incriminating that you've said. (The comparison for encrypting illegal media is messier, but a spoken threat is a crime composed only of words, so we could compare that to an encrypted picture.)
And vitally, all the things governments warn about E2EE apply to speech. People use speech to plot all sorts of heinous acts. Criminals gravitate towards in-person speech instead of using letters or phone calls. Whether it's clergy covering up child abuse or terrorists plotting bombings, talking is the standard method of coordinating crimes without leaving evidence. There's speech which is itself criminal, like threatening bodily injury, which leaves no evidence after it's said. When people resort to speech instead of calls or letters, the job of the police gets harder. If everyone had to carry a running voice recorder or make phone calls, it would be much easier to convict criminals, and bulk analysis could be used to be proactive about terrorism and abuse instead of investigating after the fact.
It's hopefully intuitive to most people why "all speech needs to be recorded for police use" is unacceptable. "Nothing to hide" doesn't justify letting the police in on your pillow talk. Bulk analysis of who's talking about what is abhorrent, but warrant-only access isn't tolerable either. The government would abuse the system, private people would try to break into the logs, and the breach of privacy is fundamentally out of bounds regardless. And policing still happens just fine without such a log. Officers listen as people speak, just like they can monitor a device before it sends a message. People who hear bad things said report them. When physical crimes are plotted, the crimes leave evidence. And for speech like threats, we can still collect witness accounts or convict over follow-through. The government doesn't need a log of everything we say.
In the same way that all the horrors of cryptocurrency are grandfathered into cash, the menace of encrypted texts is already present in everyday speech, but the world keeps turning.
- People's privacy is inviolable
- State's right to surveil people's actions must be unlimited
Before now, the balance was kept by surveillance being too expensive. But it was already pretty obvious in the 80s that we're quickly going full cyberpunk: communication and processing of info become dirt cheap, everyone is moving to digital comms for ease of use, and suddenly vastly expanded surveillance is easy, both on the net and in the physical world.
In ten years, net connection will be ubiquitous like electricity, all info about the world will be processed in real time, minds will directly control computers, and the agencies will ask why they should give up vacuuming it all if someone might plan a crime somewhere in there. Why draw the line at the datacenter instead of personal computers if the boundary is barely there? Why must there be a limit? The argument of “there might be something unlawful on there” doesn't have a limit.
If you think that a discussion between people, or their actions, should be private like they were before, you gotta ask where the firm line is. But I don't really see anyone doing a cost-benefit analysis on privacy vs surveillance, since conveniently for the agencies it's a ethics issue, and measuring ethics with numbers is frowned upon. So it's gonna be “X crimes prevented and Y solved” vs some indeterminate inconvenience caused by data leaks and corrupt officials.
As a bonus exercise, ask yourself: if to beat criminals the police has by principle to have criminals' tools―violence and disregard for privacy―then what stops police from turning into criminals on the side? These two markets are for the same skills. For some countries, it's not an idle question. And obviously, if a tool is available to police, it becomes available to criminals too.
But personally, I don't think privacy advocates will ultimately have much weight in the decision on this dilemma. People like to pretend that they highly value personal freedom, but the whole shtick of society is that it has a net benefit for a population by limiting individuals. Band together with other people, lose the freedom to be as gross as you want as loud as you want, have to do favors to keep connections. Pay some organized bullies to defend from other ones, concentrate on your own job instead. Move to the city, be highly visible to many people but have a variety of decent food, and sewers. We were giving up freedom for security and convenience for thousands of years, and I doubt we're going to stop now.
(BTW, afaik the cliché quote about giving up liberty for safety is used completely wrong and originally had exactly the opposite context.)
Because Fuck You, that's why.
You're in luck because there are no objective arguments against it. When they inevitably turn to emotionalisms like "terrorism" and "sexual abuse", cite how insignificant of a percentage "terrorists" and "abusers" are of all E2EE usage. Explain that a ban for one is a ban for all, them included, and that encryption in fact protects from people's spying on and planning over one's significant other/children/etc. Ask why politicians like Trump or Clinton can seek protection from aggressors but you, an honest-working tax-paying citizen unentitled to a private security force, should not.
Explain that criminals overtly show their psychological traits every living moment and it is the failure of the authorities to help rectify their behaviour lest they commit a crime; that it is a well-paid police proffession to monitor people for such traits. Such a profession that is gladly and frugally assisted by artificial intelligence which can be tied to any camera that sees you, any website that you visit; that the government and companies can make deterministic psychological profiles from metadata alone and some graph theory.
You can also reference absurdity by stating that, to avoid "terrorism" among E2EE, the government should simply ban "terrorists" from using E2EE. However, the Wars-On-.* have been proven not to achieve the original goal in US history but rather to cause collateral damage, much more drastic than foreign subversion could. So banning or regulating E2EE is an ambiguous goal which will fail.
Suspicious, maybe it was foreign subversion indeed. Would you like E2EE when you pay taxes and go vote? So why not for more close-to-home data such as intimate details that could be used against you by an enemy or in court of law?
And finally, the police force and government authority use and _develop_ E2EE. They ought to have hidden back doors in it. For the hundreds of millions to billions of dollars law enforcement receives in funding, they ought to have. So even if we assume they could catch "terrorists" and "abusers" more efficiently. Well, then they don't need such giant budgets from your wallets. Would you consistently pay dozens of dollars a month for private investigators to aimlessly roam the country, not even saying what they are looking for? So why let the government do it? You could purchase many sources of joy with that money.
To respond to the question itself, let's start with what we actually do. We make the stuff people actually want, and thanks to abuses by authorities around the world, today they want privacy and trustworthy tools. We build things that facilitate growth and massive improvements in quality of life for literally billions of people around the world. That growth comes from building the things they both want and trust, and use each day to improve the quality of their own lives and of their families. I would encourage governments to get better at offering the same things.
The extreme cases cited in the OP are abused by people with agendas to use them as levers to assert their narrow interests, and not because they want to solve those particular problems. Parading victims of abuse and violence to bolster a narrow surveillance agenda is the rhetorical equivalent of using human shields. Hardly anyone is actually stupid, and everyone sees it. Further, why would you ask technologists to presume good, altruistic and aligned intentions in governments who want to conduct surveillance, yet not among ourselves and our users of encryption services? We can't make that altruism generalization about our own governments, let alone ones in other markets. I would reject this particular premise in being asked to make an argument "for," as well.
The question, "I need you to justify your view to me, and with it, these objectively terrible things" is disingenuous.
The short answer is technologists do not have the solutions to niche social and political problems any more so than anyone else. Terrorism, abuse, and porn exist independently of tech. The "arguments," against E2E encryption are made by people who don't have responsibility for the outcomes of their efforts, and are using these threats to deflect that and make others responsible for them.
If we all gave up E2E encryption, the value people entrust to networks would be reduced to where it would derail and destroy the economic growth trajectory which that trust facilitates to improve peoples lives. The solution is not for tech to do less of what people demonstrably want and willingly pay for, it's for governments to be smarter about their own roles and responsibilities.
If you want to solve the problems of abuse and terrorism directly, there are a ton of solutions that don't involve destroying the trust people have in each other that has improved our collective quality of life immeasurably in the last 30 years.
The basic idea is that users should have privacy. Real privacy would disqualify a service in the middle from intercepting and retaining user traffic. There must be some compromise though because the current internet model makes actual peer-to-peer without a middle service incredibly challenging. This is the problem I am attempting to solve, a client-to-client model instead of a client-server-client model. There will likely have to be a service in the middle to provide routing via DNS and tunneling via port 80 to get around things like firewalls and non-routable addressing, but traffic should be encrypted so that the middle service only provides a tunnel for encrypted data.
When I get far enough that I can turn this into a business I would not be able to serve advertisements to users, because their traffic would be encrypted. The disadvantage there is that I would have to find an alternate revenue model. The advantage here is that law enforcement could issue legal requests for user data and the only thing I could give them are account or billing details. I could not give out user contributed data, because you cannot give what you don't have.
I have also thought of a scheme to anonymize users in the system so that users are known to each other, but to everybody else the user ID is just some 128 character hash string bound to a private IP address. I haven't really thought through discovery yet, such as a user looking for their friend to exchange keys. With an anonymous user scheme in place user would have even more privacy. Users should never be anonymous to each other, because should be anonymous to those without access to their encryption. I will solve for this once I get to it.
As a service provider I would retain the power to disallow traffic via certain keys or anonymous IDs provided a proper legal request from a legal authority. If there is evidence of illegal activity gathered from regular police work I should be able to discontinue access to specifically identified accounts in accordance with the law, but it would require evidence I could not provide to law enforcement.
So far the shared file system operations are mostly built. I would like for this work as a Window-like GUI in the browser, which is built, and a command driven application from the terminal which is half built. I haven't started work on the security model or key exchange yet but I have a plan on how these should work. Once I debug copy/paste/delete from a file system on one computer to the file system on another computer from within the browser I will move on from the technical tasks to more revenue worthy tasks. I am almost there, but still have some work to do. This is taking long to write and test than I originally imagined.
Dead serious. The mentality that everything you want to have needs to be explicitly justified to society before you are permitted to have it is a sick twisted authoritarian mindset. I thought our society was better than this
2) The same reason I support the second amendment. The government is gigantic and powerful and scary. Even if it acts in the most benevolent way possible, it is gigantic and powerful and that is _intrinsically_ scary. The government can _fuck up_ and destroy ten thousand lives before anyone even notices. Consequently, people need ways to defend themselves from the government proactively. Encryption is one such way.
2b) If someone wants to argue that "what if criminals use it to do crime", remember that marijuana is still a federal crime, and some absurd percentage like 30% of all Americans have smoked it at least once. It is well within the government's power to just spider through all social media to see all references to marijuana, use that as probable cause, and do raids on _MILLIONS_ of people. Will this happen? Almost certainly not. COULD this happen? Absolutely. Unless, of course, all those communications were encrypted such that nobody could access them. I don't think "I pinkie swear I won't do it" is a good enough protection for me against that possibility
3) the cynical answer: we already have ample evidence of actual child sexual abuse rings, but for some bizarre reason the authorities lost interest in following up on that once the ONE guy they got hung himself. If they aren't willing to do the police work on this issue that they already can, I don't see what the argument is to give them full access to all crypto systems.
4) Technical answer: Just because you make a backdoor and give the government the only key, doesn't mean the government is the only people who are going to use that door. Maybe they lose the key. Maybe they give the key to someone who turns out not to be trustworthy. Maybe someone makes a secret copy of the key. Maybe a burglar doesn't actually get the key, but he's really really good at picking locks and so the backdoor makes it that much easier for him to get in. Security is a hard problem and every single compromise increases your risk surface area. The first lesson of security is "assume the worst possible thing happens, and then prepare for something worse than that". Such a back door (or, alternatively, legal prohibition of e2e encryption), dramatically compromises security simply by existing.
5) The tinfoil hat answer: The fact that they want it so badly tells me that they shouldn't have it
6) The current year answer: Do you want Donald Trump to personally have the ability to spy on anything that you, specifically, do? Y'know, if he's bored one day and wants to find something stupid to tweet? Do you want him to have that power? I don't
medium term, i don't see how democracy can function if E2EE becomes the norm (esp in the context of cryptocurrency). influence-buying, disinformation, collusion, bribes, bullying, etc become much much easier, and policing would become nearly impossible
instead, ban E2EE but allow each person to have multiple identities (with technical means to prevent them from being tied together or expose personal info - a nontrivial but solvable problem), ie Privacy via Multiple Identity or PvMI
this scheme would provide many of the benefits of E2EE (eg, preventing an employer from punishing your for political speech) while allowing policing of many illegal activities. one exception is that if the people became fed up with the govt and wanted to stage an armed rebellion, PvMI wouldn't help (though it would help get to the point of consensus that rebellion is needed). I'm not sure how practical the concept of armed rebellion is today, but I haven't written it off either. So this is a downside.
Can anyone think of any other not-harmful-to-society activity that E2EE helps with that PvMI wouldn't ?
Even if it weren't connected to your identity, you may send pictures you wouldn't want seen by anyone you didn't send them to.
You wouldn't want to send forbidden thoughts if your local government was known to repress them. A government could certainly track down your multiple identities and jail you.
I'm more likely to be harmed by government corruption or poor security practices of a messaging service than by terrorism; I would rather be safe from the first two, than maybe have slightly less of the third.
i'm thinking of MvPI for the USA (and presumably similar places). and it would require a society-level commitment to transparency for it to be sufficient (which may not be practical).
as for pictures, there would be technical means to obscure faces, tattoos, voices, etc.
as for the govt tracking you down, there would need to be an elaborate system of checks and balances - access to the unobscured data would require blockchain-like keys from multiple parties and would be publicly visible